Re^7: Any security holes?


There's more than one way to do things
	PerlMonks

Re^7: Any security holes?

by haj (Priest)

on Jun 28, 2022 at 13:43 UTC ( #11145148=note: print w/replies, xml )

Need Help??

in reply to Re^6: Any security holes?
in thread Any security holes?

Your script attempts to write tainted data to the filesystem. Running in taint mode protects you from doing this ...

This is not how taint mode works. You can write tainted data to the file system just fine. It is passing tainted data to the OS (via the file system, starting processes and the like) where taint mode kicks in.

A frequent path to taint failures is whenever environment variables like e.g. $ENV{HOME} or $ENV{TMP} are used by Perl modules. This may also differ between platforms. For example, my current Linux desktops don't even have $ENV{TMP} defined, whereas on Windows it is usually set.

Comment on Re^7: Any security holes?

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://11145148]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others chanting in the Monastery: (3)

As of 2023-04-02 02:50 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

No recent polls found

Notices^?